Adding SMS to your authenticator-enabled account is a security downgrade.


tl;dr: Basically, title. Adding the SMS Protect feature to an account that already has a TOTP authenticator enabled is a security DOWNGRADE. My personal opinion is, don't do it just for 4 more bag slots inventory spots.

context: Authenticator and SMS Protect are both required to get the 4 extra bag slots inventory spots; not just Authenticator.

detail: One of the features of SMS Protect is that it allows you to "remove a lost authenticator" using an SMS text message. This means SMS Protect can be used to completely bypass your secure TOTP 2FA authenticator.

But SMS out-of-band security channels are considered highly insecure at present; certainly far more so than the relatively strong TOTP 2FA authenticator it can bypass.

If you have an account that has a TOTP authenticator enabled and add SMS Protect to it, you are DOWNGRADING your overall account security. Not worth it for 4 bag slots inventory spots.

sources: This Verge article is pretty good. Or the NIST guidelines that state that any out-of-band auth sent over the PSTN (telephone network) is considered RESTRICTED, i.e. not to be used unless the security risks are well understood (§5.1.3.3).

EDIT: Re-worded a thing because I was accidentally getting people excited about a ton of extra bag space, and I prefer to get people excited on purpose.